General

  • Target

    105eeed08455f033414ef883eba83dfd87dc77653cf82b7c3f61dd960699e5f7

  • Size

    213KB

  • Sample

    221218-nmjldabg57

  • MD5

    1e5c136cf7bc0f4b811f6b9beb451291

  • SHA1

    256c01c08a75588eae5457608716928f7a7d4550

  • SHA256

    105eeed08455f033414ef883eba83dfd87dc77653cf82b7c3f61dd960699e5f7

  • SHA512

    1ae260ecb9bf0da55590bc838b8837cc1c7d7cfeed3aeb94ec902fe612db3c54f89a3a97322a0a3421786374ea47cf04a4c7bf2fdac394bd6b24c85dd3ef43e6

  • SSDEEP

    3072:fIBKtfL/vJRSAMzYRjQXjMApzkpVpKXC+g3uuq3HOil3lk025PH:gBefLHqhz80IApIIXCP+uq3jlVklPH

Malware Config

Extracted

Family

danabot

C2

23.236.181.126:443

123.253.35.251:443

66.85.173.3:443

Attributes

  • embedded_hash

    8F56CD73F6B5CD5D7B17B0BA61E70A82

  • type

    loader

Targets

    • Danabot

      Danabot is a modular banking Trojan that has been linked with other malware.

    • Detects Smokeloader packer

    • SmokeLoader

      Modular backdoor trojan in use since 2014.

    • Blocklisted process makes network request

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Loads dropped DLL

    • Suspicious use of SetThreadContext
